I'm using the Splunk CIMValidator app to validate that data is flowing into my Splunk Enterprise Security data models correctly. For a number of the data models, the app shows 0% compliance b...
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
Looking over the client's configuration for adding a lookup-based source for Enterprise Security Threat Intelligence, it appears to be configured correctly.
However I still see zero events in the d...
...irewall and end points devices) or we can use for all products?
Is it useful for validating changes made by the firewall admins?
Kindly advise. Thanks in advance.
Now that the data is populating properly and the Real-Time tab is doing what it should be, I've moved on to troubleshooting some of the other sections. Starting with Audience, I get no results in the...
...v collections.
To have a service object to Splunk I use:
service = client.connect( username=, password=, app=)
But I do not want to have the username and password part of this script. I h...